[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: photuris-06.txt

To: Phil Karn <karn@qualcomm.com>
Subject: Re: photuris-06.txt
From: Theodore Ts'o <tytso@MIT.EDU>
Date: Tue, 7 Nov 1995 23:46:17 -0500
Address: 1 Amherst St., Cambridge, MA 02139
Cc: markham@sctc.com, ipsec@ans.net
In-Reply-To: Phil Karn's message of Tue, 7 Nov 1995 18:27:51 -0800 (PST),<199511080227.SAA22694@servo.qualcomm.com>
Phone: (617) 253-8091

   Date: Tue, 7 Nov 1995 18:27:51 -0800 (PST)
   From: Phil Karn <karn@qualcomm.com>

   Since I am not concerned about the military world (they can take care
   of themselves) I am tempted to conclude that these issues are all
   beyond the immediate scope of the document for now.

Yet the current wording which Bill is proposing says that Photoris only
works on systems where the military-style mandatory access controls is
present.  Surely that's not correct!

However, presumably we are still worried about the case where you have
two mutually suspicious users on the same host --- which means you
should avoid per-host keying to avoid the attacks which Steve Bellovin
talked about at Danvers (I think) IETF meeting.  Are we agreed this is
something we want to worry about?  I think we should, since avoiding it
seems relatively easy.

I just want to make sure that we are all agreed on the general goals and
scope of Photoris; if so, then we can work on the wording which states
our common understanding.

						- Ted

Prev by Date: RE: photuris-06.txt
Next by Date: Re: photuris-06.txt
Prev by thread: RE: photuris-06.txt
Next by thread: Re: photuris-06.txt
Index(es):
- Main
- Thread